AGENCY:

Privacy Office; Department of Homeland Security.

ACTION:

Notice of Privacy Act system of records.

SUMMARY:

Pursuant to the Privacy Act of 1974, the Department of Homeland Security, National Protection and Programs Directorate, United States Visitor and Immigrant Status Indicator Technology program is giving notice that it proposes to add a new system of records, entitled the Technical Reconciliation Analysis Classification System. The Technical Reconciliation Analysis Classification System is an information management tool used to enhance the integrity of the United States immigration system by detecting, deterring, and pursuing immigration fraud, and identifying persons who pose a threat to national security and/or public safety.

DATES:

The established system of records will be effective July 16, 2008. Written comments must be submitted on or before July 16, 2008.

ADDRESSES:

You may submit comments, identified by DHS-2007-0077, by one of the following methods:

• Federal e-Rulemaking Portal: http://www.regulations.gov. Follow the instructions for submitting comments.
• Fax: 1-866-466-5370.
• Mail: Hugo Teufel III, Chief Privacy Officer, Privacy Office, Department of Homeland Security, Washington, DC 20528.
• Instructions: All submissions received must include the agency name and docket number for this rulemaking. All comments received will be posted without change to http://www.regulations.gov, including any personal information provided.
• Docket: For access to the docket to read background documents or comments received go to http://www.regulations.gov.

FOR FURTHER INFORMATION CONTACT:

For general questions please contact: TRACS System Manager, US-VISIT Program, U.S. Department of Homeland Security, Washington, DC 20528 (202) 298-5200 or by facsimile (202) 298-5201. For privacy issues please contact: Start Printed Page 34029Hugo Teufel III (703-235-0780), Chief Privacy Officer, Privacy Office, U.S. Department of Homeland Security, Washington, DC 20528.

SUPPLEMENTARY INFORMATION:

I. Background

In accordance with the Privacy Act of 1974, 5 U.S.C. 552a, the Department of Homeland Security (DHS), National Protection and Programs Directorate (NPPD), United States—Visitor and Immigrant Status Indicator Technology (US-VISIT) program is establishing a Privacy Act system of records known as Technical Reconciliation Analysis Classification System (TRACS). This system of records is an information management tool used for management and analysis of US-VISIT records. TRACS will help enhance the integrity of the United States immigration system by detecting, deterring, and pursuing immigration fraud, and by identifying persons who pose a threat to national security and/or public safety. TRACS will consist of paper files and electronic databases.

The Secretary of the Department of Homeland Security has delegated to NPPD and US-VISIT the responsibility for enhancing the security of U.S. citizens and visitors; facilitating safe, efficient, and legitimate travel to the U.S.; promoting border security and the integrity of the immigration system; safeguarding the privacy of visitors to the U.S.

NPPD and US-VISIT have also been delegated authority for assisting in the prevention of immigration identity fraud or theft; and serving law enforcement, border officials, and others who make decisions on immigration matters, including decisions on immigration benefits and status, by identifying aliens seeking permission to enter, entering, visiting, residing in, changing status within, or exiting the U.S.

Finally, NPPD and US-VISIT have been delegated the responsibility for providing technical assistance and analytic services to other DHS functions and components and to other Federal agencies, as well as to State, local, tribal, and foreign governments, including multinational and international organizations, to better protect the Nation's physical and virtual borders.

To discharge the above responsibilities, TRACS will be used to: (1) Identify individuals who have remained in the United States beyond their authorized period of admission (overstays); (2) maintain information on why individuals are promoted to or demoted from the Automated Biometric Identification System (IDENT) list of subjects of interest; (3) provide the means for additional research in regards to individuals whose biometrics are collected by DHS, and subsequently matched to the list of subjects of interest during a routine IDENT query. A query of this nature would take place following a background check or security screening relating to the individual's hiring or retention, performance of a job function, or the issuance of a license or credential, allowing them access to secured facilities to perform mission and non-mission related work. Examples of this include credentialing of Federal, non-Federal, and contractor employees who work within the secured areas of our nation's airports; (4) to further analyze information about individuals who may be identified as a subject of interest following a routine query against IDENT while applying for visas or other benefits on behalf of domestic partners, such as the U.S. Department of State or foreign partners, as is the case with the United Kingdom Border Agency's (UKBA) International Group Visa Services program, which supports the DHS mission; and (5) to provide information in response to queries from law enforcement and intelligence agencies charged with national security, law enforcement, immigration, or other DHS mission-related functions.

Specifically, TRACS will be used for the analysis of overstays, for changes to the IDENT subject of interest lists, law enforcement and intelligence research, and to assist in developing and fostering foreign partnerships that enhance the goals and mission of US-VISIT, such as the work being done in association with the UKBA's International Group Visa Services project.

To identify possible overstays, US-VISIT reviews and analyzes information in the Arrival and Departure Information System (ADIS), a US-VISIT system used for the storage and use of biographic, biometric indicator, and encounter data on aliens who have applied for entry, entered, or departed the United States. ADIS consolidates information from various systems in order to provide a repository of data held by DHS for pre-entry, entry, status management, and exit tracking of immigrants and non-immigrants. Its primary use is to facilitate the investigation of subjects of interest who may have violated their immigration status by remaining in the United States beyond their authorized stay. To assist in the resolution of overstays, information related to them may be copied to TRACS for review and further analysis against other US-VISIT programs and systems to better determine their status.

Regarding changes to the IDENT Subject of Interest List, in order to maintain the integrity of the immigration and customs programs, DHS maintains records within IDENT to identify individuals who may present a terrorist threat to the United States as well as those individuals who may not be allowed to enter the country because of past violations of immigration or customs law. An individual is either promoted to or demoted from the list of subjects of interest within IDENT. As IDENT is not a case management system, it merely records the change, not the justification for the change. TRACS will have the ability to serve as a case management system and not only use the information regarding the changes to the list of subjects of interest that is recorded in IDENT but also to record and store the actual justification for any change. The user will also have the ability to enter data in pre-determined selectable categories or manually by either free text or by cutting and pasting information retrieved from other systems and placing it into a workspace in TRACS so that analysis can be performed.

For assistance in background checks and security clearance processes for employment at DHS or receipt of a DHS license or credential, applicants may have their information searched against ADIS or IDENT records. Clearance, employment eligibility, or other license or credential applications that have a match against ADIS or IDENT may require additional research regarding the applicant. Such information would be maintained and tracked in TRACS.

Regarding analyzing information on behalf of domestic or foreign partners, US-VISIT will assist its partners in analyzing information held by US-VISIT where such analysis supports the DHS mission. For example, for the UKBA visa services project, US-VISIT will receive biometric information from the UK for UK visa applicants and query their biometric information against the IDENT list of subjects of interest. US-VISIT will then provide the results from the query back to the UK for purposes of visa adjudication.

Regarding law enforcement and intelligence research, US-VISIT may also receive requests from other law enforcement agencies, such as Immigration and Customs Enforcement (ICE), Customs and Border Protection (CBP), and the Federal Bureau of Investigation (FBI), as well as from other intelligence agencies, to provide further information regarding the immigration status for individuals of interest to those Start Printed Page 34030organizations. US-VISIT tracks these requests and the responses in TRACS.

Information in TRACS comes primarily from ADIS and IDENT. TRACS may also contain information from other DHS component programs or systems, or publicly available source systems that are manually queried while researching a particular case. Data researched or identified through publicly available source systems, such as the internet, will be identified and referenced in the individual's record in TRACS. If it becomes routine for a specific public source system(s) to be used on a regular basis, the PIA will be updated to reflect this system(s) as a common source of information and data. For research conducted, based on an external request, information may also be provided from the requesting entity, as described below for the DHS/United Kingdom Border Agency's (UKBA) International Group Visa Services program.

The data contained in TRACS is primarily from the US-VISIT systems Arrival and Departure Information System (ADIS) (72 FR 47057, Arrival and Departure Information System (ADIS), System of Records Notice, August 22, 2007); the Automated Biometric Identification System (IDENT) (72 FR 31080, Automated Biometric Identification System (IDENT), System of Records Notice, June 5, 2007); and a Customs and Border Protection (CBP) system called the Treasury Enforcement Communications System (TECS) (66 FR 53029, Treasury Enforcement Communications System (TECS), System of Records Notice, October 18, 2001). TRACS also receives data from a Department of State (DOS) system called the Consolidated Consular Database (CCD); the Student and Exchange Visitor Information System (SEVIS) (70 FR 14477, Student and Exchange Visitor Information System (SEVIS), System of Records Notice, March 22, 2005); the Central Index System (CIS) (72 FR 1755, Central Index System (CIS), System of Records Notice, January 16, 2007); the Computer-linked Application Information Management System (CLAIMS 3 and 4) (64 FR 18052, Computer Linked Application Information Management System (CLAIMS 3 and 4), System of Records Notice, April 13, 1999); the Refugees, Asylum & Parole System (RAPS); the Deportable Alien Control System (DACS) (67 FR 64136, Deportable Alien Control System (DACS), System of Records Notice, October 17, 2002); and the Enforcement Case Tracking System (ENFORCE). TRACS also contains data from Web searches for addresses and phone numbers.

II. Privacy Act

The Privacy Act embodies fair information principles in a statutory framework governing the means by which the United States Government collects, maintains, uses, and disseminates individuals' records. The Privacy Act applies to information that is maintained in a “system of records.” A “system of records” is a group of any records under the control of an agency for which information is retrieved by the name of an individual or by some identifying number, symbol, or other identifying particular assigned to the individual. In the Privacy Act, an individual is defined to encompass United States citizens and legal permanent residents (LPRs). As a matter of policy, DHS extends administrative Privacy Act protections to all individuals, including aliens who are not LPRs, on whom a system of records maintains information. Individuals may request access to their own records that are maintained in a system of records in the possession or under the control of DHS by complying with DHS Privacy Act regulations, 6 CFR Part 5.

The Privacy Act requires each agency to publish in the Federal Register a description denoting the type and character of each system of records that the agency maintains, and the routine uses that are contained in each system in order to make agency record keeping practices transparent, to notify individuals regarding the uses to which their records are put, and to assist individuals to more easily find such files within the agency.

In accordance with 5 U.S.C. 552a(r), DHS has provided a report of this new system of records to the Office of Management and Budget and to Congress.

System of Records

DHS/NPPD/USVISIT-003

System name:

The United States Visitor and Immigrant Status Indicator Technology (US-VISIT) Program; Technical Reconciliation Analysis Classification System (TRACS).

Security classification:

Unclassified.

System location:

Records are maintained at the United States Visitor and Immigrant Status Indicator Technology (US-VISIT) Program Office Headquarters in Washington, DC and field offices.

Categories of individuals covered by the system:

Categories of individuals covered by this notice consist primarily of persons who are not United States citizens or legal permanent residents (LPRs). However, it will contain data on: (1) U.S. citizens or LPRs who have a connection to the DHS mission (e.g., individuals who have submitted a visa application to the UK (based on the January 11, 2008 signed Memorandum of Understanding between the Department of Homeland Security of the United States of America and the [UKBA International Group Visa Services program formerly known as] UKVISAS as the Authority Appointed by the Secretary of State for the Home Department and the Secretary of State for Foreign and Commonwealth Affairs of the United Kingdom of Great Britain and Northern Ireland, regarding Information Vetting and Sharing), or have made requests for a license or credential as part of a background check or security screening in connection with their hiring or retention, performance of a job function or the issuance a license or credential for employment at DHS); (2) U.S. citizens and LPRs who have an incidental connection to the DHS mission (e.g., individuals living at the same address as individuals who have remained in this country beyond their authorized stays); and (3) individuals who have, over time, changed their status and became U.S. citizens or LPRs.

Categories of records in the system:

Categories of records in this system include: (1) Biometric data (to include, but not limited to, photographs and fingerprints); (2) biographic data held in Government system (to include, but not limited to, names, aliases, date of birth, nationality or other personal descriptive data such as address and phone number); (3) biometric indicator data (to include, but not limited to, fingerprint identification numbers); (4) encounter data (i.e. information that provides the context of the interaction with an individual, such as encounters concerning border entry screening, immigration enforcement, and submission of visa applications); and (5) commercial or publicly available data such as name, address, and phone number as found in open source searches of internet phone directories. The records described in (1)-(5) above may also include related contextual and information management data and metadata, such as: encounter location, time of encounter, document types, document numbers, document issuance information, conveyance information, and address while in the U.S. Start Printed Page 34031Information management data is used to manage ongoing analyses or investigations and may include, but is not limited to, case resolution, status, comments and notes from interviewers or by the analysts assigned to the case(s).

Authority for maintenance of the system:

6 U.S.C. 202, 8 U.S.C. 1103, 1158, 1187, 1201, 1225, 1324, 1357, 1360, 1365a, 1365b, 1379, and 1732. Specifically, the data is collected and maintained in TRACS under the authority provided by: The Immigration and Naturalization Service Data Management Improvement Act of 2000 (DMIA), Public Law 106-215; The Visa Waiver Permanent Program Act of 2000 (VWPPA), Public Law 106-396; The Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism Act (U.S.A. PATRIOT Act), Public Law 107-56; The Enhanced Border Security and Visa Entry Reform Act (Border Security Act), Public Law 107-173; The Intelligence Reform and Terrorism Prevention Act of 2004 (IRTPA), Public Law 108-458; The Implementing Recommendations of the 9/11 Commission Act of 2007, Public Law 110-53; and The Immigration and Nationality Act (INA), Title 8, United States Code, as delegated by the Secretary, Department of Homeland Security.

Purpose(s):

The purpose of this system is to serve as an information management tool used to enhance the integrity of the United States' immigration system by detecting, deterring, and pursuing immigration fraud, and identifying persons who pose a threat to national security and/or public safety, and to assist in supporting credentialing activities. TRACS is used to: identify individuals who have remained in the United States beyond their authorized period of admission (overstays); maintain information on why individuals are promoted to, or demoted from, the IDENT list of subjects of interest; assist in determining eligibility in connection with: Hiring or retention, issuance of a license or credential as part of a background check or security screening in connection with their hiring or retention, or performance of a job function or the issuance a license or credential for employment at DHS; and to analyze information regarding immigration status, including applications to enter and exit the United States, as well as the actual physical entries into and exits from the United States, in support of law enforcement and intelligence agencies. In addition, TRACS will be used to analyze data quality, integrity, and utility; and analyze data to establish trends and patterns in the data for future enforcement actions.

Routine uses of records maintained in the system, including categories of users and the purposes of such uses:

In addition to those disclosures generally permitted under 5 U.S.C. 552a(b) of the Privacy Act, all or a portion of the records or information contained in this system may be disclosed outside DHS as a routine use pursuant to 5 U.S.C. 552a(b)(3) as follows:

A. To the United States Department of Justice (including United States Attorney offices) or other federal agency conducting litigation or in proceedings before any court, adjudicative or administrative body, or to the court or administrative body, when it is necessary to the litigation and one of the following is a party to the litigation or has an interest in such litigation:

1. DHS or any component thereof;

2. Any employee of DHS in his/her official capacity;

3. Any employee of DHS in his/her individual capacity where DOJ or DHS has agreed to represent the employee; or

4. The United States or any agency thereof, is a party to the litigation or has an interest in such litigation, and DHS determines that the records are both relevant and necessary to the litigation and the use of such records is compatible with the purpose for which DHS collected the records.

B. To a congressional office from the record of an individual in response to an inquiry from that congressional office made at the request of the individual to whom the record pertains.

C. To the National Archives and Records Administration or other Federal government agencies pursuant to records management inspections being conducted under the authority of 44 U.S.C. 2904 and 2906.

D. To an agency, organization, or individual for the purpose of performing audit or oversight operations as authorized by law, but only such information as is necessary and relevant to such audit or oversight function.

E. To appropriate agencies, entities, and persons when:

1. DHS suspects or has confirmed that the security or confidentiality of information in the system of records has been compromised;

2. The Department has determined that as a result of the suspected or confirmed compromise there is a risk of harm to economic or property interests, identity theft or fraud, harm to the security or integrity of this system or other systems or programs (whether maintained by DHS or another agency or entity), or harm to the individual that rely upon the compromised information; and

3. The disclosure made to such agencies, entities, and persons is reasonably necessary to assist in connection with DHS' efforts to respond to the suspected or confirmed compromise and prevent, minimize, or remedy such harm.

F. To contractors and their agents, grantees, experts, consultants, and others performing or working on a contract, service, grant, cooperative agreement, or other assignment for DHS, when necessary to accomplish an agency function related to this system of records. The individuals who provide information under this routine use are subject to the same Privacy Act requirements and limitations on disclosure as are applicable to DHS officers and employees.

G. To an appropriate Federal, State, tribal, local, foreign, multinational, or international law enforcement agency or other appropriate authority charged with investigating or prosecuting a violation or enforcing or implementing a law, rule, regulation, or order, where a record, either on its face or in conjunction with other information, indicates a violation or potential violation of law, which includes criminal, civil, or regulatory violations and such disclosure is proper and consistent with the official duties of the person making the disclosure.

H. To appropriate Federal, State, local, tribal, foreign, multinational, or international governmental agencies seeking information on the subjects of wants, warrants, or lookouts, or any other subject of interest, for purpose related to administering or enforcing the law, national security, immigration, or preparedness and critical infrastructure protection, where consistent with a DHS mission-related function as determined by DHS.

I. To appropriate Federal, State, local, tribal, foreign, multinational, or international government agencies charged with national security, law enforcement, immigration, intelligence, preparedness and critical infrastructure protection, or other DHS mission-related functions in connection with the hiring or retention by such an agency of an employee, the issuance of a security clearance, the reporting of an investigation of such an employee, the letting of a contract, or the issuance of a license, grant, loan, or other benefit by the requesting agency. Start Printed Page 34032

J. To the news media and the public, with the approval of the Chief Privacy Officer in consultation with counsel, when there exists a legitimate public interest in the disclosure of the information or when disclosure is necessary to preserve confidence in the integrity of DHS or is necessary to demonstrate the accountability of DHS' officers, employees, or individuals covered by the system, except to the extent it is determined that release of the specific information in the context of a particular case would constitute an unwarranted invasion of personal privacy.

Disclosure to consumer reporting agencies:

None.

Policies and practices for storing, retrieving, accessing, retaining, and disposing of records in the system:

Storage:

Records in this system are stored electronically or on paper in secure facilities in a locked drawer behind a locked door. The records are stored on magnetic disc, tape, digital media, and CD-ROM. Information may also be stored in secured case file folders, cabinets, safes, or a variety of secured electronic or computer databases and storage media to include data and materials introduced through legacy systems (e.g. spreadsheets).

Retrievability:

Records may be retrieved by a variety of data elements including, but not limited to, name, place and date of arrival or departure, document number, and other personal identifiers.

Safeguards:

Records in this system are safeguarded in accordance with applicable rules and policies, including all applicable DHS automated systems security and access policies. Strict controls have been imposed to minimize the risk of compromising the information that is being stored. Access to the computer system containing the records in this system is limited to those individuals who have a need to know the information for the performance of their official duties and who have appropriate clearances or permissions. The system maintains a real-time auditing function of individuals who access the system. Additional safeguards may vary by component and program. The system is protected through multi-layer security mechanisms. The protective strategies are physical, technical, administrative, and environmental in nature, and provide access control to sensitive data, physical access control to DHS facilities, confidentiality of communications, user authentication, and personnel screening to ensure that all personnel with access to data are screened through background investigations commensurate with the level of access required to perform their duties.

Retention and disposal:

The following proposal for retention and disposal is pending approval with National Archives and Records Administration (NARA): Data will be disposed of when the information regarding the potential subject of interest has either been adjudicated or when the 75 year retention schedule has been met. Seventy five years is the retention period of IDENT and ADIS, the primary source systems of TRACS. Because TRACS is frequently used to establish and track decisions that affect the list of subjects of interest and overstay status in IDENT and ADIS, it is necessary that a retention period correspond to these systems.

System Manager and address:

TRACS System Manager, US-VISIT Program, U.S. Department of Homeland Security, Washington, DC 20528.

Notification procedure:

Individuals seeking notification of and access to any record contained in this system of records, or seeking to contest its content, may submit a request in writing to the component's FOIA Officer, whose contact information can be found at http://www.dhs.gov/​foia under “contacts”. If an individual believes more than one component maintains Privacy Act records concerning him or her the individual may submit the request to the Chief Privacy Officer, Department of Homeland Security, 245 Murray Drive, SW., Building 410, STOP-0550, Washington, DC 20528.

When seeking records about yourself from this system of records or any other Departmental system of records your request must conform with the Privacy Act regulations set forth in 6 CFR Part 5. You must first verify your identity, meaning that you must provide your full name, current address and date and place of birth. You must sign your request, and your signature must either be notarized or submitted under 28 U.S.C. 1746, a law that permits statements to be made under penalty or perjury as a substitute for notarization. While no specific form is required, you may obtain forms for this purpose form the Director, Disclosure and FOIA, http://www.dhs.gov or 1-866-431-0486. In addition you should provide the following:

• An explanation of why you believe the Department would have information on you,
• Identify which component(s) of the Department you believe may have the information about you,
• Specify when you believe the records would have been created,
• Provide any other information that will help the FOIA staff determine which DHS component agency may have responsive records,
• If your request is seeking records pertaining to another living individual, you must include a statement from that individual certifying his/her agreement for you to access his/her records.

Without this bulleted information the component(s) will not be able to conduct an effective search, and your request may be denied due to lack of specificity or lack of compliance with applicable regulations.

Record access procedures:

A portion of this system is exempted from this requirement pursuant to 5 U.S.C. 552a (j)(2), (k1), (k)(2), and (k)(5). An individual who is the subject of a record in this system may access those records that are not exempt from disclosure. A determination whether a record may be accessed will be made at the time a request is received. DHS will review and comply appropriately with information requests on a case by case basis. An individual desiring copies of records maintained in this system should direct his or her request to the FOIA Officer: See: “Notification procedure” above.

Contesting record procedures:

A portion of this system is exempted from this requirement pursuant to 5 U.S.C. 552a (j)(2), (k)(1), (k)(2), and (k)(5). An individual who is the subject of a record in this system may access those records that are not exempt from disclosure. A determination whether a record may be accessed will be made at the time a request is received. DHS will review and comply appropriately with information requests on a case by case basis. Requests for access or correction of records in this system may be made through the Traveler Redress Inquiry Program (TRIP) at http://www.dhs.gov/​trip or via mail, facsimile or e-mail in accordance with instructions available at http://www.dhs.gov/​trip. See: “Notification procedure” above.

Record source categories:

Basic information contained in this system is supplied by individuals covered by this system, and other Start Printed Page 34033Federal, State, local, tribal, or foreign government systems; private citizens; and public sources.

Exemptions claimed for the system:

The Secretary of Homeland Security has exempted this system from 5 U.S.C. 552a(c)(3) and (4); (d); (e)(1), (e)(2), (e)(3), (e)(4)(G), (e)(4)(H), (e)(4)(I), (e)(5) and (e)(8); (f); and (g) pursuant to 5 U.S.C. 552a(j)(2). In addition, the Secretary of Homeland Security has exempted this system from 5 U.S.C. 552a(c)(3); (d); (e)(1), (e)(4)(G), (e)(4)(H), (e)(4)(I), and (f) pursuant to 5 U.S.C. 552a(k)(1), (k)(2), and (k)(5). These exemptions apply only to the extent that records in the system are subject to exemption pursuant to 5 U.S.C. 552a (j)(2), (k)(1), (k)(2), and (k)(5).